Research: 2013 Strategic Security Survey

Michael A. Davis05/02/13

A Seat at the Table

In our 2012 Strategic Security Survey report, we said that most infosec pros are too willing to pin the blame for problems on end users, the CFO, vendors, developers -- anywhere but ourselves. Harsh? Maybe, but the message seems to have gotten through: Our 2013 data shows that security professionals have gotten the message that we need to own our strategies. Some data points:

>> 79% say they have not experienced a security breach or espionage in the past year. However, when asked if it's possible their systems have been infiltrated and they are unaware, 75% owned up said yes.>> 42% cite enforcing security policies as a top security challenge, making it the No. 1 response.>> 23% see public interest groups/hacktivists as the breach or espionage source that poses the greatest threat to their organizations in 2013.>> 9% say the CFO/finance director sets policy for information security in their organizations; however, for 65%, the CFO/finance director sets spending, and 26% report CFO/finance director involvement in both.

In this report, we:

>> Examine in depth the results of our annual survey, now in its 16th year>> Discuss the maturation of security as a business discipline >> Provide recommendations on building a security-awareness program, using big data to make better decisions and selecting cyber-risk insurance

Respondent breakdown: All respondents are from organizations with 100 or more employees. Forty-one percent have 5,000 or more employees; 31% are over 10,000. Government, financial services and education are well-represented, and 30% are in a security-specific management role. An additional 25% are non-security-specific IT management, and 28% have revenue of $1 billion or more. (R6820613)

Survey Name InformationWeek 2013 Strategic Security Survey Survey Date March 2013Region North AmericaNumber of Respondents 1,029 at organizations with 100 or more employeesPurpose To comprehensively assess the current state of security programs, where organizations are focusing their security efforts, and how IT is adapting to current threats and trends.

3 Author's Bio4 Executive Summary5 Research Synopsis6 A Seat at the Table8 Welcome to the Next Era10 Year of Firsts13 The Promise of Big Data16 President Obama and Cybersecurity 17 Security Insurance Isn't Growing … Yet18 Why Anonymous May Be Your Best Friend21 Appendix51 Related Reports